<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
</head>
<body>
	<table class="data-table">
		<tbody>
			<tr>
				<th>Name</th>
				<th>Description</th>
				<th>Type</th>
				<th>Default</th>
				<th>Valid Values</th>
				<th>Importance</th>
			</tr>
			<tr>
				<td>key.serializer</td>
				</td>
				<td>Serializer class for key that implements the <code>org.apache.kafka.common.serialization.Serializer</code>
					interface.
				</td>
				</td>
				<td>class</td>
				</td>
				<td></td>
				</td>
				<td></td>
				</td>
				<td>high</td>
				</td>
			</tr>
			<tr>
				<td>value.serializer</td>
				</td>
				<td>Serializer class for value that implements the <code>org.apache.kafka.common.serialization.Serializer</code>
					interface.
				</td>
				</td>
				<td>class</td>
				</td>
				<td></td>
				</td>
				<td></td>
				</td>
				<td>high</td>
				</td>
			</tr>
			<tr>
				<td>acks</td>
				</td>
				<td>The number of acknowledgments the producer requires the
					leader to have received before considering a request complete. This
					controls the durability of records that are sent. The following
					settings are allowed:
					<ul>
						<li><code>acks=0</code> If set to zero then the producer will
							not wait for any acknowledgment from the server at all. The
							record will be immediately added to the socket buffer and
							considered sent. No guarantee can be made that the server has
							received the record in this case, and the <code>retries</code>
							configuration will not take effect (as the client won't generally
							know of any failures). The offset given back for each record will
							always be set to -1.
						<li><code>acks=1</code> This will mean the leader will write
							the record to its local log but will respond without awaiting
							full acknowledgement from all followers. In this case should the
							leader fail immediately after acknowledging the record but before
							the followers have replicated it then the record will be lost.
						<li><code>acks=all</code> This means the leader will wait for
							the full set of in-sync replicas to acknowledge the record. This
							guarantees that the record will not be lost as long as at least
							one in-sync replica remains alive. This is the strongest
							available guarantee. This is equivalent to the acks=-1 setting.
				</td>
				</td>
				<td>string</td>
				</td>
				<td>1</td>
				</td>
				<td>[all, -1, 0, 1]</td>
				</td>
				<td>high</td>
				</td>
			</tr>
			<tr>
				<td>bootstrap.servers</td>
				</td>
				<td>A list of host/port pairs to use for establishing the
					initial connection to the Kafka cluster. The client will make use
					of all servers irrespective of which servers are specified here for
					bootstrapping&mdash;this list only impacts the initial hosts used
					to discover the full set of servers. This list should be in the
					form <code>host1:port1,host2:port2,...</code>. Since these servers
					are just used for the initial connection to discover the full
					cluster membership (which may change dynamically), this list need
					not contain the full set of servers (you may want more than one,
					though, in case a server is down).
				</td>
				</td>
				<td>list</td>
				</td>
				<td>""</td>
				</td>
				<td>non-null string</td>
				</td>
				<td>high</td>
				</td>
			</tr>
			<tr>
				<td>buffer.memory</td>
				</td>
				<td>The total bytes of memory the producer can use to buffer
					records waiting to be sent to the server. If records are sent
					faster than they can be delivered to the server the producer will
					block for <code>max.block.ms</code> after which it will throw an
					exception.
					<p>This setting should correspond roughly to the total memory
						the producer will use, but is not a hard bound since not all
						memory the producer uses is used for buffering. Some additional
						memory will be used for compression (if compression is enabled) as
						well as for maintaining in-flight requests.
				</td>
				</td>
				<td>long</td>
				</td>
				<td>33554432</td>
				</td>
				<td>[0,...]</td>
				</td>
				<td>high</td>
				</td>
			</tr>
			<tr>
				<td>compression.type</td>
				</td>
				<td>The compression type for all data generated by the
					producer. The default is none (i.e. no compression). Valid values
					are <code>none</code>, <code>gzip</code>, <code>snappy</code>, <code>lz4</code>,
					or <code>zstd</code>. Compression is of full batches of data, so
					the efficacy of batching will also impact the compression ratio
					(more batching means better compression).
				</td>
				</td>
				<td>string</td>
				</td>
				<td>none</td>
				</td>
				<td></td>
				</td>
				<td>high</td>
				</td>
			</tr>
			<tr>
				<td>retries</td>
				</td>
				<td>Setting a value greater than zero will cause the client to
					resend any record whose send fails with a potentially transient
					error. Note that this retry is no different than if the client
					resent the record upon receiving the error. Allowing retries
					without setting <code>max.in.flight.requests.per.connection</code>
					to 1 will potentially change the ordering of records because if two
					batches are sent to a single partition, and the first fails and is
					retried but the second succeeds, then the records in the second
					batch may appear first. Note additionall that produce requests will
					be failed before the number of retries has been exhausted if the
					timeout configured by <code>delivery.timeout.ms</code> expires
					first before successful acknowledgement. Users should generally
					prefer to leave this config unset and instead use <code>delivery.timeout.ms</code>
					to control retry behavior.
				</td>
				</td>
				<td>int</td>
				</td>
				<td>2147483647</td>
				</td>
				<td>[0,...,2147483647]</td>
				</td>
				<td>high</td>
				</td>
			</tr>
			<tr>
				<td>ssl.key.password</td>
				</td>
				<td>The password of the private key in the key store file. This
					is optional for client.</td>
				</td>
				<td>password</td>
				</td>
				<td>null</td>
				</td>
				<td></td>
				</td>
				<td>high</td>
				</td>
			</tr>
			<tr>
				<td>ssl.keystore.location</td>
				</td>
				<td>The location of the key store file. This is optional for
					client and can be used for two-way authentication for client.</td>
				</td>
				<td>string</td>
				</td>
				<td>null</td>
				</td>
				<td></td>
				</td>
				<td>high</td>
				</td>
			</tr>
			<tr>
				<td>ssl.keystore.password</td>
				</td>
				<td>The store password for the key store file. This is optional
					for client and only needed if ssl.keystore.location is configured.
				</td>
				</td>
				<td>password</td>
				</td>
				<td>null</td>
				</td>
				<td></td>
				</td>
				<td>high</td>
				</td>
			</tr>
			<tr>
				<td>ssl.truststore.location</td>
				</td>
				<td>The location of the trust store file.</td>
				</td>
				<td>string</td>
				</td>
				<td>null</td>
				</td>
				<td></td>
				</td>
				<td>high</td>
				</td>
			</tr>
			<tr>
				<td>ssl.truststore.password</td>
				</td>
				<td>The password for the trust store file. If a password is not
					set access to the truststore is still available, but integrity
					checking is disabled.</td>
				</td>
				<td>password</td>
				</td>
				<td>null</td>
				</td>
				<td></td>
				</td>
				<td>high</td>
				</td>
			</tr>
			<tr>
				<td>batch.size</td>
				</td>
				<td>The producer will attempt to batch records together into
					fewer requests whenever multiple records are being sent to the same
					partition. This helps performance on both the client and the
					server. This configuration controls the default batch size in
					bytes.
					<p>No attempt will be made to batch records larger than this
						size.
					<p>Requests sent to brokers will contain multiple batches, one
						for each partition with data available to be sent.
					<p>A small batch size will make batching less common and may
						reduce throughput (a batch size of zero will disable batching
						entirely). A very large batch size may use memory a bit more
						wastefully as we will always allocate a buffer of the specified
						batch size in anticipation of additional records.
				</td>
				</td>
				<td>int</td>
				</td>
				<td>16384</td>
				</td>
				<td>[0,...]</td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>client.dns.lookup</td>
				</td>
				<td><p>Controls how the client uses DNS lookups.</p>
					<p>
						If set to
						<code>use_all_dns_ips</code>
						then, when the lookup returns multiple IP addresses for a
						hostname, they will all be attempted to connect to before failing
						the connection. Applies to both bootstrap and advertised servers.
					</p>
					<p>
						If the value is
						<code>resolve_canonical_bootstrap_servers_only</code>
						each entry will be resolved and expanded into a list of canonical
						names.
					</p></td>
				</td>
				<td>string</td>
				</td>
				<td>default</td>
				</td>
				<td>[default, use_all_dns_ips,
					resolve_canonical_bootstrap_servers_only]</td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>client.id</td>
				</td>
				<td>An id string to pass to the server when making requests.
					The purpose of this is to be able to track the source of requests
					beyond just ip/port by allowing a logical application name to be
					included in server-side request logging.</td>
				</td>
				<td>string</td>
				</td>
				<td>""</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>connections.max.idle.ms</td>
				</td>
				<td>Close idle connections after the number of milliseconds
					specified by this config.</td>
				</td>
				<td>long</td>
				</td>
				<td>540000</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>delivery.timeout.ms</td>
				</td>
				<td>An upper bound on the time to report success or failure
					after a call to <code>send()</code> returns. This limits the total
					time that a record will be delayed prior to sending, the time to
					await acknowledgement from the broker (if expected), and the time
					allowed for retriable send failures. The producer may report
					failure to send a record earlier than this config if either an
					unrecoverable error is encountered, the retries have been
					exhausted, or the record is added to a batch which reached an
					earlier delivery expiration deadline. The value of this config
					should be greater than or equal to the sum of <code>request.timeout.ms</code>
					and <code>linger.ms</code>.
				</td>
				</td>
				<td>int</td>
				</td>
				<td>120000</td>
				</td>
				<td>[0,...]</td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>linger.ms</td>
				</td>
				<td>The producer groups together any records that arrive in
					between request transmissions into a single batched request.
					Normally this occurs only under load when records arrive faster
					than they can be sent out. However in some circumstances the client
					may want to reduce the number of requests even under moderate load.
					This setting accomplishes this by adding a small amount of
					artificial delay&mdash;that is, rather than immediately sending out
					a record the producer will wait for up to the given delay to allow
					other records to be sent so that the sends can be batched together.
					This can be thought of as analogous to Nagle's algorithm in TCP.
					This setting gives the upper bound on the delay for batching: once
					we get <code>batch.size</code> worth of records for a partition it
					will be sent immediately regardless of this setting, however if we
					have fewer than this many bytes accumulated for this partition we
					will 'linger' for the specified time waiting for more records to
					show up. This setting defaults to 0 (i.e. no delay). Setting <code>linger.ms=5</code>,
					for example, would have the effect of reducing the number of
					requests sent but would add up to 5ms of latency to records sent in
					the absence of load.
				</td>
				</td>
				<td>int</td>
				</td>
				<td>0</td>
				</td>
				<td>[0,...]</td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>max.block.ms</td>
				</td>
				<td>The configuration controls how long <code>KafkaProducer.send()</code>
					and <code>KafkaProducer.partitionsFor()</code> will block.These
					methods can be blocked either because the buffer is full or
					metadata unavailable.Blocking in the user-supplied serializers or
					partitioner will not be counted against this timeout.
				</td>
				</td>
				<td>long</td>
				</td>
				<td>60000</td>
				</td>
				<td>[0,...]</td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>max.request.size</td>
				</td>
				<td>The maximum size of a request in bytes. This setting will
					limit the number of record batches the producer will send in a
					single request to avoid sending huge requests. This is also
					effectively a cap on the maximum record batch size. Note that the
					server has its own cap on record batch size which may be different
					from this.</td>
				</td>
				<td>int</td>
				</td>
				<td>1048576</td>
				</td>
				<td>[0,...]</td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>partitioner.class</td>
				</td>
				<td>Partitioner class that implements the <code>org.apache.kafka.clients.producer.Partitioner</code>
					interface.
				</td>
				</td>
				<td>class</td>
				</td>
				<td>org.apache.kafka.clients.producer.internals.DefaultPartitioner</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>receive.buffer.bytes</td>
				</td>
				<td>The size of the TCP receive buffer (SO_RCVBUF) to use when
					reading data. If the value is -1, the OS default will be used.</td>
				</td>
				<td>int</td>
				</td>
				<td>32768</td>
				</td>
				<td>[-1,...]</td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>request.timeout.ms</td>
				</td>
				<td>The configuration controls the maximum amount of time the
					client will wait for the response of a request. If the response is
					not received before the timeout elapses the client will resend the
					request if necessary or fail the request if retries are exhausted.
					This should be larger than <code>replica.lag.time.max.ms</code> (a
					broker configuration) to reduce the possibility of message
					duplication due to unnecessary producer retries.
				</td>
				</td>
				<td>int</td>
				</td>
				<td>30000</td>
				</td>
				<td>[0,...]</td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>sasl.client.callback.handler.class</td>
				</td>
				<td>The fully qualified name of a SASL client callback handler
					class that implements the AuthenticateCallbackHandler interface.</td>
				</td>
				<td>class</td>
				</td>
				<td>null</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>sasl.jaas.config</td>
				</td>
				<td>JAAS login context parameters for SASL connections in the
					format used by JAAS configuration files. JAAS configuration file
					format is described <a
					href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html">here</a>.
					The format for the value is: '<code>loginModuleClass
						controlFlag (optionName=optionValue)*;</code>'. For brokers, the config
					must be prefixed with listener prefix and SASL mechanism name in
					lower-case. For example,
					listener.name.sasl_ssl.scram-sha-256.sasl.jaas.config=com.example.ScramLoginModule
					required;
				</td>
				</td>
				<td>password</td>
				</td>
				<td>null</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>sasl.kerberos.service.name</td>
				</td>
				<td>The Kerberos principal name that Kafka runs as. This can be
					defined either in Kafka's JAAS config or in Kafka's config.</td>
				</td>
				<td>string</td>
				</td>
				<td>null</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>sasl.login.callback.handler.class</td>
				</td>
				<td>The fully qualified name of a SASL login callback handler
					class that implements the AuthenticateCallbackHandler interface.
					For brokers, login callback handler config must be prefixed with
					listener prefix and SASL mechanism name in lower-case. For example,
					listener.name.sasl_ssl.scram-sha-256.sasl.login.callback.handler.class=com.example.CustomScramLoginCallbackHandler</td>
				</td>
				<td>class</td>
				</td>
				<td>null</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>sasl.login.class</td>
				</td>
				<td>The fully qualified name of a class that implements the
					Login interface. For brokers, login config must be prefixed with
					listener prefix and SASL mechanism name in lower-case. For example,
					listener.name.sasl_ssl.scram-sha-256.sasl.login.class=com.example.CustomScramLogin</td>
				</td>
				<td>class</td>
				</td>
				<td>null</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>sasl.mechanism</td>
				</td>
				<td>SASL mechanism used for client connections. This may be any
					mechanism for which a security provider is available. GSSAPI is the
					default mechanism.</td>
				</td>
				<td>string</td>
				</td>
				<td>GSSAPI</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>security.protocol</td>
				</td>
				<td>Protocol used to communicate with brokers. Valid values
					are: PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL.</td>
				</td>
				<td>string</td>
				</td>
				<td>PLAINTEXT</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>send.buffer.bytes</td>
				</td>
				<td>The size of the TCP send buffer (SO_SNDBUF) to use when
					sending data. If the value is -1, the OS default will be used.</td>
				</td>
				<td>int</td>
				</td>
				<td>131072</td>
				</td>
				<td>[-1,...]</td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>ssl.enabled.protocols</td>
				</td>
				<td>The list of protocols enabled for SSL connections.</td>
				</td>
				<td>list</td>
				</td>
				<td>TLSv1.2,TLSv1.1,TLSv1</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>ssl.keystore.type</td>
				</td>
				<td>The file format of the key store file. This is optional for
					client.</td>
				</td>
				<td>string</td>
				</td>
				<td>JKS</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>ssl.protocol</td>
				</td>
				<td>The SSL protocol used to generate the SSLContext. Default
					setting is TLS, which is fine for most cases. Allowed values in
					recent JVMs are TLS, TLSv1.1 and TLSv1.2. SSL, SSLv2 and SSLv3 may
					be supported in older JVMs, but their usage is discouraged due to
					known security vulnerabilities.</td>
				</td>
				<td>string</td>
				</td>
				<td>TLS</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>ssl.provider</td>
				</td>
				<td>The name of the security provider used for SSL connections.
					Default value is the default security provider of the JVM.</td>
				</td>
				<td>string</td>
				</td>
				<td>null</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>ssl.truststore.type</td>
				</td>
				<td>The file format of the trust store file.</td>
				</td>
				<td>string</td>
				</td>
				<td>JKS</td>
				</td>
				<td></td>
				</td>
				<td>medium</td>
				</td>
			</tr>
			<tr>
				<td>enable.idempotence</td>
				</td>
				<td>When set to 'true', the producer will ensure that exactly
					one copy of each message is written in the stream. If 'false',
					producer retries due to broker failures, etc., may write duplicates
					of the retried message in the stream. Note that enabling
					idempotence requires <code>max.in.flight.requests.per.connection</code>
					to be less than or equal to 5, <code>retries</code> to be greater
					than 0 and <code>acks</code> must be 'all'. If these values are not
					explicitly set by the user, suitable values will be chosen. If
					incompatible values are set, a <code>ConfigException</code> will be
					thrown.
				</td>
				</td>
				<td>boolean</td>
				</td>
				<td>false</td>
				</td>
				<td></td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>interceptor.classes</td>
				</td>
				<td>A list of classes to use as interceptors. Implementing the
					<code>org.apache.kafka.clients.producer.ProducerInterceptor</code>
					interface allows you to intercept (and possibly mutate) the records
					received by the producer before they are published to the Kafka
					cluster. By default, there are no interceptors.
				</td>
				</td>
				<td>list</td>
				</td>
				<td>""</td>
				</td>
				<td>non-null string</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>max.in.flight.requests.per.connection</td>
				</td>
				<td>The maximum number of unacknowledged requests the client
					will send on a single connection before blocking. Note that if this
					setting is set to be greater than 1 and there are failed sends,
					there is a risk of message re-ordering due to retries (i.e., if
					retries are enabled).</td>
				</td>
				<td>int</td>
				</td>
				<td>5</td>
				</td>
				<td>[1,...]</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>metadata.max.age.ms</td>
				</td>
				<td>The period of time in milliseconds after which we force a
					refresh of metadata even if we haven't seen any partition
					leadership changes to proactively discover any new brokers or
					partitions.</td>
				</td>
				<td>long</td>
				</td>
				<td>300000</td>
				</td>
				<td>[0,...]</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>metric.reporters</td>
				</td>
				<td>A list of classes to use as metrics reporters. Implementing
					the <code>org.apache.kafka.common.metrics.MetricsReporter</code>
					interface allows plugging in classes that will be notified of new
					metric creation. The JmxReporter is always included to register JMX
					statistics.
				</td>
				</td>
				<td>list</td>
				</td>
				<td>""</td>
				</td>
				<td>non-null string</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>metrics.num.samples</td>
				</td>
				<td>The number of samples maintained to compute metrics.</td>
				</td>
				<td>int</td>
				</td>
				<td>2</td>
				</td>
				<td>[1,...]</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>metrics.recording.level</td>
				</td>
				<td>The highest recording level for metrics.</td>
				</td>
				<td>string</td>
				</td>
				<td>INFO</td>
				</td>
				<td>[INFO, DEBUG]</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>metrics.sample.window.ms</td>
				</td>
				<td>The window of time a metrics sample is computed over.</td>
				</td>
				<td>long</td>
				</td>
				<td>30000</td>
				</td>
				<td>[0,...]</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>reconnect.backoff.max.ms</td>
				</td>
				<td>The maximum amount of time in milliseconds to wait when
					reconnecting to a broker that has repeatedly failed to connect. If
					provided, the backoff per host will increase exponentially for each
					consecutive connection failure, up to this maximum. After
					calculating the backoff increase, 20% random jitter is added to
					avoid connection storms.</td>
				</td>
				<td>long</td>
				</td>
				<td>1000</td>
				</td>
				<td>[0,...]</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>reconnect.backoff.ms</td>
				</td>
				<td>The base amount of time to wait before attempting to
					reconnect to a given host. This avoids repeatedly connecting to a
					host in a tight loop. This backoff applies to all connection
					attempts by the client to a broker.</td>
				</td>
				<td>long</td>
				</td>
				<td>50</td>
				</td>
				<td>[0,...]</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>retry.backoff.ms</td>
				</td>
				<td>The amount of time to wait before attempting to retry a
					failed request to a given topic partition. This avoids repeatedly
					sending requests in a tight loop under some failure scenarios.</td>
				</td>
				<td>long</td>
				</td>
				<td>100</td>
				</td>
				<td>[0,...]</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>sasl.kerberos.kinit.cmd</td>
				</td>
				<td>Kerberos kinit command path.</td>
				</td>
				<td>string</td>
				</td>
				<td>/usr/bin/kinit</td>
				</td>
				<td></td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>sasl.kerberos.min.time.before.relogin</td>
				</td>
				<td>Login thread sleep time between refresh attempts.</td>
				</td>
				<td>long</td>
				</td>
				<td>60000</td>
				</td>
				<td></td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>sasl.kerberos.ticket.renew.jitter</td>
				</td>
				<td>Percentage of random jitter added to the renewal time.</td>
				</td>
				<td>double</td>
				</td>
				<td>0.05</td>
				</td>
				<td></td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>sasl.kerberos.ticket.renew.window.factor</td>
				</td>
				<td>Login thread will sleep until the specified window factor
					of time from last refresh to ticket's expiry has been reached, at
					which time it will try to renew the ticket.</td>
				</td>
				<td>double</td>
				</td>
				<td>0.8</td>
				</td>
				<td></td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>sasl.login.refresh.buffer.seconds</td>
				</td>
				<td>The amount of buffer time before credential expiration to
					maintain when refreshing a credential, in seconds. If a refresh
					would otherwise occur closer to expiration than the number of
					buffer seconds then the refresh will be moved up to maintain as
					much of the buffer time as possible. Legal values are between 0 and
					3600 (1 hour); a default value of 300 (5 minutes) is used if no
					value is specified. This value and
					sasl.login.refresh.min.period.seconds are both ignored if their sum
					exceeds the remaining lifetime of a credential. Currently applies
					only to OAUTHBEARER.</td>
				</td>
				<td>short</td>
				</td>
				<td>300</td>
				</td>
				<td>[0,...,3600]</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>sasl.login.refresh.min.period.seconds</td>
				</td>
				<td>The desired minimum time for the login refresh thread to
					wait before refreshing a credential, in seconds. Legal values are
					between 0 and 900 (15 minutes); a default value of 60 (1 minute) is
					used if no value is specified. This value and
					sasl.login.refresh.buffer.seconds are both ignored if their sum
					exceeds the remaining lifetime of a credential. Currently applies
					only to OAUTHBEARER.</td>
				</td>
				<td>short</td>
				</td>
				<td>60</td>
				</td>
				<td>[0,...,900]</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>sasl.login.refresh.window.factor</td>
				</td>
				<td>Login refresh thread will sleep until the specified window
					factor relative to the credential's lifetime has been reached, at
					which time it will try to refresh the credential. Legal values are
					between 0.5 (50%) and 1.0 (100%) inclusive; a default value of 0.8
					(80%) is used if no value is specified. Currently applies only to
					OAUTHBEARER.</td>
				</td>
				<td>double</td>
				</td>
				<td>0.8</td>
				</td>
				<td>[0.5,...,1.0]</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>sasl.login.refresh.window.jitter</td>
				</td>
				<td>The maximum amount of random jitter relative to the
					credential's lifetime that is added to the login refresh thread's
					sleep time. Legal values are between 0 and 0.25 (25%) inclusive; a
					default value of 0.05 (5%) is used if no value is specified.
					Currently applies only to OAUTHBEARER.</td>
				</td>
				<td>double</td>
				</td>
				<td>0.05</td>
				</td>
				<td>[0.0,...,0.25]</td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>ssl.cipher.suites</td>
				</td>
				<td>A list of cipher suites. This is a named combination of
					authentication, encryption, MAC and key exchange algorithm used to
					negotiate the security settings for a network connection using TLS
					or SSL network protocol. By default all the available cipher suites
					are supported.</td>
				</td>
				<td>list</td>
				</td>
				<td>null</td>
				</td>
				<td></td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>ssl.endpoint.identification.algorithm</td>
				</td>
				<td>The endpoint identification algorithm to validate server
					hostname using server certificate.</td>
				</td>
				<td>string</td>
				</td>
				<td>https</td>
				</td>
				<td></td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>ssl.keymanager.algorithm</td>
				</td>
				<td>The algorithm used by key manager factory for SSL
					connections. Default value is the key manager factory algorithm
					configured for the Java Virtual Machine.</td>
				</td>
				<td>string</td>
				</td>
				<td>SunX509</td>
				</td>
				<td></td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>ssl.secure.random.implementation</td>
				</td>
				<td>The SecureRandom PRNG implementation to use for SSL
					cryptography operations.</td>
				</td>
				<td>string</td>
				</td>
				<td>null</td>
				</td>
				<td></td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>ssl.trustmanager.algorithm</td>
				</td>
				<td>The algorithm used by trust manager factory for SSL
					connections. Default value is the trust manager factory algorithm
					configured for the Java Virtual Machine.</td>
				</td>
				<td>string</td>
				</td>
				<td>PKIX</td>
				</td>
				<td></td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>transaction.timeout.ms</td>
				</td>
				<td>The maximum amount of time in ms that the transaction
					coordinator will wait for a transaction status update from the
					producer before proactively aborting the ongoing transaction.If
					this value is larger than the transaction.max.timeout.ms setting in
					the broker, the request will fail with a <code>InvalidTransactionTimeout</code>
					error.
				</td>
				</td>
				<td>int</td>
				</td>
				<td>60000</td>
				</td>
				<td></td>
				</td>
				<td>low</td>
				</td>
			</tr>
			<tr>
				<td>transactional.id</td>
				</td>
				<td>The TransactionalId to use for transactional delivery. This
					enables reliability semantics which span multiple producer sessions
					since it allows the client to guarantee that transactions using the
					same TransactionalId have been completed prior to starting any new
					transactions. If no TransactionalId is provided, then the producer
					is limited to idempotent delivery. Note that <code>enable.idempotence</code>
					must be enabled if a TransactionalId is configured. The default is
					<code>null</code>, which means transactions cannot be used. Note
					that, by default, transactions require a cluster of at least three
					brokers which is the recommended setting for production; for
					development you can change this, by adjusting broker setting <code>transaction.state.log.replication.factor</code>.
				</td>
				</td>
				<td>string</td>
				</td>
				<td>null</td>
				</td>
				<td>non-empty string</td>
				</td>
				<td>low</td>
				</td>
			</tr>
		</tbody>
	</table>

</body>
</html>
